OpenSSH Vulnerability

Published: 2013-11-11
Last Updated: 2013-11-11 01:46:14 UTC
by Johannes Ullrich (Version: 1)

OpenSSH announced that OpenSSH 6.2 and 6.3 are vulnerable to an authenticated code execution flaw. The vulnerability affects the AES-GCM cipher. As a quick fix, you can disable the cipher (see the URL below for details), or you can upgrade to OpenSSH 6.4.

A user may bypass restrictions imposed on the user's account by exploiting the flaw, but the user needs valid credentials to take advantage of it.
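To triage a host against the two conditions above (version 6.2 or 6.3, AES-GCM still offered), the following check is an added example, not part of the original diary or the OpenSSH advisory. The function names are illustrative, the cipher suffix `-gcm@openssh.com` is OpenSSH's own naming rather than something stated on this page, and it assumes an sshd_config with no `Ciphers` line falls back to a default list that includes AES-GCM on these releases.

```shell
#!/bin/sh
# Added example, not from the advisory. Function names are illustrative.

# Succeeds when the banner (e.g. from `ssh -V 2>&1`) is OpenSSH 6.2 or 6.3.
is_affected_version() {
    case "$1" in
        OpenSSH_6.[23]|OpenSSH_6.[23][!0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds when the sshd_config at $1 still offers an AES-GCM cipher.
# Assumption: with no Ciphers line sshd uses its built-in default list,
# which on 6.2/6.3 includes AES-GCM, so "unset" counts as offered.
gcm_offered() {
    # The first Ciphers line wins; accept "Ciphers value" and "Ciphers=value".
    ciphers=$(awk '{ sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/)
        if (tolower(f[1]) == "ciphers") { print f[2]; exit } }' "$1")
    if [ -z "$ciphers" ]; then return 0; fi
    case "$ciphers" in
        *-gcm@openssh.com*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints NOT_AFFECTED, MITIGATED or AFFECTED; returns 1 only for AFFECTED.
check_sshd() {   # $1 = version banner, $2 = path to sshd_config
    if ! is_affected_version "$1"; then echo NOT_AFFECTED; return 0; fi
    if gcm_offered "$2"; then echo AFFECTED; return 1; fi
    echo MITIGATED
}

# Constructed sample: a 6.3 banner with the cipher workaround applied.
sample=$(mktemp)
printf '%s\n' '# constructed sshd_config' \
    'Ciphers aes128-ctr,aes192-ctr,aes256-ctr' > "$sample"
check_sshd 'OpenSSH_6.3p1, OpenSSL 1.0.1e 11 Feb 2013' "$sample"
rm -f "$sample"
```

On a live host, pass the output of `ssh -V 2>&1` and the path to the server's sshd_config; sshd must be restarted after a `Ciphers` change for the workaround to take effect.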



Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: ssh
1 comment(s)


This makes for a nice change. It gets boring patching only BIND, MySQL, WordPress, Oracle Java and Adobe products over and over.
